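<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>ASDS</title>
  <link rel="stylesheet" href="style.css">
  <!--
    Script loading. The original markup closed the head and opened the body
    twice and fetched jQuery over plain http://. One head and one body are
    used here, and jQuery is requested over https:// so the library cannot be
    swapped in transit and is not blocked as mixed content when the report is
    served over HTTPS.
    NOTE(review): jQuery 1.8.2 is a very old release and is the only script
    taken from a third-party origin. Prefer shipping a maintained jQuery next
    to the local Highcharts-4.0.1 copy (after checking that Highcharts still
    works with it), or add integrity and crossorigin attributes to this tag.
  -->
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
  <script src="Highcharts-4.0.1/js/highcharts.js"></script>
  <script src="Highcharts-4.0.1/js/modules/exporting.js"></script>
  <script>
    // Column chart of the per-category similarity counts between sample
    // set A and set B. "Total Matches" repeats the "Similarity" counts of the
    // Summary table; the other two series split those matches at 50 %.
    // The callback runs on DOM ready, so #container exists when it is used.
    $(function () {
      $('#container').highcharts({
        chart: {
          type: 'column'
        },
        title: {
          text: 'Attack Campaign Statistics'
        },
        yAxis: {
          min: 0,
          title: {
            text: 'No of Similarity'
          }
        },
        tooltip: {
          // NOTE(review): useHTML renders the tooltip as markup, and the
          // {point.key} / {series.name} placeholders appear to be inserted
          // without escaping in this Highcharts generation (verify). Every
          // category and series name on this page is a fixed label, but two
          // series names already contain a raw "<" or ">". If the generator
          // ever builds these names from sample-derived strings, they must
          // be HTML-escaped before they are written into this config.
          headerFormat: '<span style="font-size:10px">{point.key}</span><table>',
          pointFormat: '<tr><td style="color:{series.color};padding:0">{series.name}: </td>' +
            '<td style="padding:0"><b>{point.y}</b></td></tr>',
          footerFormat: '</table>',
          shared: true,
          useHTML: true
        },
        plotOptions: {
          column: {
            pointPadding: 0.2,
            borderWidth: 0
          }
        },
        xAxis: {
          // One column group per trait category; the order must match the
          // order of the values in every series below.
          categories: [
            "Detection/Exact",
            "Host",
            "IP Location",
            "Network Files",
            "Static",
            "String",
            "Threat Name",
            "Version"
          ]
        },
        series: [
          {
            "data": [1, 0, 0, 0, 1, 6, 2, 4],
            "name": "Total Matches"
          },
          {
            "data": [0, 0, 0, 0, 1, 1, 2, 0],
            "name": "> 50% matched"
          },
          {
            "data": [1, 0, 0, 0, 0, 5, 0, 4],
            "name": "< 50% matched"
          }
        ]
      });
    });
  </script>
</head>
<body>
  <div id="container" style="min-width: 310px; height: 400px; margin: 0 auto"></div>
<TABLE cellpadding="4" style="border: 1px solid #000000; border-collapse: collapse;" border="1">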
  <COL width="130">
 <TR>
  <TH bgcolor="#78b5ff"><a name="Summary"></a>Summary</TH>
  <TH bgcolor="#78b5ff">Result</TH>
 </TR>
 <TR>
  <TD><a href="#Detection/Exact">Detection/Exact</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="270">
  <COL width="80">
 <TR>
  <TD>Detection/Exact Similarity</TD>
  <TD>1</TD>
 </TR>
 <TR>
  <TD>Detection/Exact in set A</TD>
  <TD>3</TD>
 </TR>
 <TR>
  <TD>Detection/Exact in set B</TD>
  <TD>1</TD>
 </TR>
</TABLE></TD>
 </TR>
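 <!-- Host, IP Location and Network Files have a similarity count of 0 and this
      report contains no detail section (no matching anchor) for them, so the
      category names are plain text here rather than in-page links that lead
      nowhere. -->
 <TR>
  <TD>Host</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="270">
  <COL width="80">
 <TR>
  <TD>Host Similarity</TD>
  <TD>0</TD>
 </TR>
 <TR>
  <TD>Host in set A</TD>
  <TD>0</TD>
 </TR>
 <TR>
  <TD>Host in set B</TD>
  <TD>0</TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>IP Location</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="270">
  <COL width="80">
 <TR>
  <TD>IP Location Similarity</TD>
  <TD>0</TD>
 </TR>
 <TR>
  <TD>IP Location in set A</TD>
  <TD>0</TD>
 </TR>
 <TR>
  <TD>IP Location in set B</TD>
  <TD>0</TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>Network Files</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="270">
  <COL width="80">
 <TR>
  <TD>Network Files Similarity</TD>
  <TD>0</TD>
 </TR>
 <TR>
  <TD>Network Files in set A</TD>
  <TD>0</TD>
 </TR>
 <TR>
  <TD>Network Files in set B</TD>
  <TD>0</TD>
 </TR>
</TABLE></TD>
 </TR>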
 <TR>
  <TD><a href="#Static">Static</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="270">
  <COL width="80">
 <TR>
  <TD>Static Similarity</TD>
  <TD>1</TD>
 </TR>
 <TR>
  <TD>Static in set A</TD>
  <TD>1</TD>
 </TR>
 <TR>
  <TD>Static in set B</TD>
  <TD>1</TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD><a href="#String">String</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="270">
  <COL width="80">
 <TR>
  <TD>String Similarity</TD>
  <TD>6</TD>
 </TR>
 <TR>
  <TD>String in set A</TD>
  <TD>6</TD>
 </TR>
 <TR>
  <TD>String in set B</TD>
  <TD>23</TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD><a href="#Threat Name">Threat Name</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="270">
  <COL width="80">
 <TR>
  <TD>Threat Name Similarity</TD>
  <TD>2</TD>
 </TR>
 <TR>
  <TD>Threat Name in set A</TD>
  <TD>5</TD>
 </TR>
 <TR>
  <TD>Threat Name in set B</TD>
  <TD>5</TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD><a href="#Version">Version</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="270">
  <COL width="80">
 <TR>
  <TD>Version Similarity</TD>
  <TD>4</TD>
 </TR>
 <TR>
  <TD>Version in set A</TD>
  <TD>6</TD>
 </TR>
 <TR>
  <TD>Version in set B</TD>
  <TD>6</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE><br><br></br></br><a href="#Summary">Go to top</a><TABLE cellpadding="4" style="border: 1px solid #000000; border-collapse: collapse;" border="1">
  <!--
    Threat Name comparison: one row per threat name, listing the samples of
    set A and set B that carry it.
    Both sample hashes appear under both labels ("Not Malicious" and
    "Trojan.Zbot"), so each sample carries two conflicting names. The table
    does not show which engine or feed produced which label; read a row as
    "names seen for this sample", not as a verdict.
    NOTE(review): the identifiers are 32 hex digits (MD5 length). When they
    are shared as indicators, pair each with a SHA-256 of the same file, since
    MD5 collisions are practical. The sample links use plain http:// to what
    looks like an internal analysis host; confirm the report is only handed to
    an audience that is meant to see and resolve that name.
  -->
  <COL width="150">
  <COL width="320">
  <COL width="320">
 <TR>
  <TH bgcolor="#78b5ff"><a name="Threat Name"></a>Threat Name</TH>
  <TH bgcolor="#78b5ff">Set A</TH>
  <TH bgcolor="#78b5ff">Set B</TH>
 </TR>
 <TR>
  <TD>Not Malicious</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="320">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="320">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>Trojan.Zbot</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="320">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="320">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE><br><br></br></br><a name="Trait"></a><a name="Trait Objects"></a><a href="#Summary">Go to top</a><TABLE cellpadding="4" style="border: 1px solid #000000; border-collapse: collapse;" border="1">
  <!--
    Detection/Exact detail: one pairing, Match % 24.
    Set A carries "Trojan.Win32.Yakes.eoao" (trait2_action Kaspersky) and
    set B carries "Trojan-Spy.Win32.Zbot.rvma" (trait2_action kavcon). The two
    detection names point at different families (Yakes and Zbot).
    NOTE(review): a score of 24 presumably reflects textual similarity between
    the two detection names, not agreement on the family; confirm how the
    generator computes Match %. Despite the section title, this row should not
    be read as an exact detection match between the samples.
  -->
  <COL width="1850">
 <TR>
  <TH bgcolor="#78b5ff"><a name="Detection/Exact"></a>Detection/Exact</TH>
 </TR>
 <TR>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="50">
  <COL width="100">
  <COL width="800">
  <COL width="800">
 <TR>
  <TD>No</TD>
  <TD>Match %</TD>
  <TD>Set A</TD>
  <TD>Set B</TD>
 </TR>
 <TR>
  <TD>1</TD>
  <TD>24</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait2</TD>
  <TD>Trojan.Win32.Yakes.eoao</TD>
 </TR>
 <TR>
  <TD>trait2_action</TD>
  <TD>Kaspersky</TD>
 </TR>
 <TR>
  <TD>trait2_object</TD>
  <TD>Detection/Exact</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait2</TD>
  <TD>Trojan-Spy.Win32.Zbot.rvma</TD>
 </TR>
 <TR>
  <TD>trait2_action</TD>
  <TD>kavcon</TD>
 </TR>
 <TR>
  <TD>trait2_object</TD>
  <TD>Detection/Exact</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE><br><br></br></br><a href="#Summary">Go to top</a><TABLE cellpadding="4" style="border: 1px solid #000000; border-collapse: collapse;" border="1">
  <!--
    Version detail: four pairings of version-resource strings, with Match %
    14, 11, 14 and 35, all below 50.
    Rows 1 and 3 reuse the same set A trait ("dpeoptdbtool", Original name)
    against two different set B traits. Rows 1 and 2 compare different fields
    with each other (Original name against Internal name, Internal name
    against Description). Row 4 compares two copyright strings that name
    different publishers and years.
    NOTE(review): version-resource strings are chosen by whoever built the
    file and are cheap to vary, so low partial matches here are weak evidence
    for linking the two samples.
  -->
  <COL width="1850">
 <TR>
  <TH bgcolor="#78b5ff"><a name="Version"></a>Version</TH>
 </TR>
 <TR>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="50">
  <COL width="100">
  <COL width="800">
  <COL width="800">
 <TR>
  <TD>No</TD>
  <TD>Match %</TD>
  <TD>Set A</TD>
  <TD>Set B</TD>
 </TR>
 <TR>
  <TD>1</TD>
  <TD>14</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>dpeoptdbtool</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Original name</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Version</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>pers regogn uitool</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Internal name</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Version</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>2</TD>
  <TD>11</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>dbe optimizedb tool</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Internal name</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Version</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>Personalize Recognition UI Tool</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Description</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Version</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>3</TD>
  <TD>14</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>dpeoptdbtool</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Original name</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Version</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>perrecognuitool</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Original name</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Version</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>4</TD>
  <TD>35</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>Copyright (C) 2014 DevVens Ltd.</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Copyright</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Version</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>Copyright (C) 2013 SunbDev Group</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Copyright</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Version</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE><br><br></br></br><a href="#Summary">Go to top</a><TABLE cellpadding="4" style="border: 1px solid #000000; border-collapse: collapse;" border="1">
  <!--
    Static detail: one pairing, Match % 100.
    Both samples carry the file-type descriptor "PE - I386, Windows GUI, EXE"
    (trait_action xfile). The descriptor names the container format only and
    would be shared by any 32-bit Windows GUI executable, so this row adds
    little to linking the two samples even though the chart counts it under
    "> 50% matched".
  -->
  <COL width="1850">
 <TR>
  <TH bgcolor="#78b5ff"><a name="Static"></a>Static</TH>
 </TR>
 <TR>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="50">
  <COL width="100">
  <COL width="800">
  <COL width="800">
 <TR>
  <TD>No</TD>
  <TD>Match %</TD>
  <TD>Set A</TD>
  <TD>Set B</TD>
 </TR>
 <TR>
  <TD>1</TD>
  <TD>100</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>PE - I386, Windows GUI, EXE</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>xfile</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Static</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>PE - I386, Windows GUI, EXE</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>xfile</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>Static</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE><br><br></br></br><a href="#Summary">Go to top</a><TABLE cellpadding="4" style="border: 1px solid #000000; border-collapse: collapse;" border="1">
  <!--
    String detail: six pairings of string/byte-pattern traits.
    In rows 1, 2, 3, 4 and 6 the set A trait is the same Rijndael/AES table
    constant (C66363A5, classified "Just information"), paired each time with
    a different set B trait at Match % 11 to 15. Row 5 is the only 100 match:
    the same byte pattern on both sides, labelled "VID: D16B Trojan.Shylock".
    It is the strongest shared indicator in this section.
    NOTE(review): two NOTES fields disagree with their own hex bytes and are
    reproduced as emitted. In row 3 the GUID is printed with one hyphen
    missing, and in row 6 the GUID ends in 5E while the hex bytes end in 50.
    Confirm both against the signature source before reusing these values.
  -->
  <COL width="1850">
 <TR>
  <TH bgcolor="#78b5ff"><a name="String"></a>String</TH>
 </TR>
 <TR>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="50">
  <COL width="100">
  <COL width="800">
  <COL width="800">
 <TR>
  <TD>No</TD>
  <TD>Match %</TD>
  <TD>Set A</TD>
  <TD>Set B</TD>
 </TR>
 <TR>
  <TD>1</TD>
  <TD>15</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>.cc.
C66363A5
VID: 88880007 CAUTION.Possible.Cipher
ADD INFO: Possibly using Rijndael or AES encryption/decryption
NOTES: A value in a table used by Rijndael
CLASSIFICATION: Just information</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>FCICreate
464349437265617465
CLASSIFICATION: Just information</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>2</TD>
  <TD>11</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>.cc.
C66363A5
VID: 88880007 CAUTION.Possible.Cipher
ADD INFO: Possibly using Rijndael or AES encryption/decryption
NOTES: A value in a table used by Rijndael
CLASSIFICATION: Just information</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>B.L09n.@.:......
42E94C30396ED840943AB913C40C9CD4
ADD INFO: Possibly Manipulating Windows Firewall
NOTES: NetFwMgr : GUID {304CE942-6E39-40D8-943A-B913C40C9CD4}
CLASSIFICATION: Unknown</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>3</TD>
  <TD>12</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>.cc.
C66363A5
VID: 88880007 CAUTION.Possible.Cipher
ADD INFO: Possibly using Rijndael or AES encryption/decryption
NOTES: A value in a table used by Rijndael
CLASSIFICATION: Just information</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>......2F........
F58A89F7C4CA3246A2ECDA06E5111AF2
ADD INFO: Possibly manipulating Windows Firewall.
NOTES: INetFwMgr : GUID {F7898AF5-CAC4-4632-A2ECDA06E5111AF2}
CLASSIFICATION: Not malicious itself</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>4</TD>
  <TD>13</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>.cc.
C66363A5
VID: 88880007 CAUTION.Possible.Cipher
ADD INFO: Possibly using Rijndael or AES encryption/decryption
NOTES: A value in a table used by Rijndael
CLASSIFICATION: Just information</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>PFXExportCertStore
5046584578706F72744365727453746F7265
ADD INFO: May be Infostealer.
NOTES: The function to export the certificates and, if available, the associated private keys from the referenced certificate store.
CLASSIFICATION: Just information</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>5</TD>
  <TD>100</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>.9csm.u?.=???..t?h???..??.......t%..???.....%%.??...
813963736DE075??833D??????000074??68??????00E8????000083C40485C074%CfFF15??????0083C4088B%f%fE8????00008
VID: D16B Trojan.Shylock</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>.9csm.u?.=???..t?h???..??.......t%..???.....%%.??...
813963736DE075??833D??????000074??68??????00E8????000083C40485C074%CfFF15??????0083C4088B%f%fE8????00008
VID: D16B Trojan.Shylock</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
 <TR>
  <TD>6</TD>
  <TD>13</TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/f2d44163b9678c5c0113229271a54b81">f2d44163b9678c5c0113229271a54b81</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>.cc.
C66363A5
VID: 88880007 CAUTION.Possible.Cipher
ADD INFO: Possibly using Rijndael or AES encryption/decryption
NOTES: A value in a table used by Rijndael
CLASSIFICATION: Just information</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="600">
 <TR>
  <TD><a href="http://rats.gist.symantec.com/rats/sample/traits/df8e47a28908f8b343de8c2da4b381ad">df8e47a28908f8b343de8c2da4b381ad</a></TD>
  <TD><TABLE cellpadding="4" style="border: 1px solid #FFFFFF; border-collapse: collapse;" border="1">
  <COL width="200">
  <COL width="400">
 <TR>
  <TD>trait</TD>
  <TD>.O....ND...^...P
FA4FE6B5C5C24E44A301FB5E00018050
ADD INFO: Possibly checking Windows Firewall settings.
NOTES: INetFwAuthorizedApplication : GUID {B5E64FFA-C2C5-444E-A301-FB5E0001805E}
CLASSIFICATION: Not malicious itself</TD>
 </TR>
 <TR>
  <TD>trait_action</TD>
  <TD>Find</TD>
 </TR>
 <TR>
  <TD>trait_object</TD>
  <TD>String</TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE></TD>
 </TR>
</TABLE><br><br></br></br></body></html>